Topic 191: John Ross, The Book of Wi-Fi

Joining us in Inkwell is Well member John Ross, who has been writing
about wired and wireless networks and data communication for almost
thirty years, including technical manuals and marketing literature for
Motorola, AT&T and other major equipment manufacturers and service
providers, magazine articles, and more than two dozen books about
computers, networks and the Internet. He has also produced radio
features about science and technology for NPR, the BBC and other
broadcasters around the world. He's also a host of The Well's
Northwest, Transportation and bigballs.ind (roots music) conferences.
Leading the conversation is Jon Lebkowsky, CEO of Polycot, an Austin,
Texas company focusing on computer networks and software tools for
effective collaboration and communication. He's worked as a project
manager, technology director, and online community developer, but he's
also known for his writing (mostly about technoculture) and various
high-visibility Internet projects over the last decade-plus. He was
cofounder and CEO of one of one of the first virtual corporations,
FringeWare, Inc. He's hosted several conferences on the WELL, worked as
a writer and host at Howard Rheingold's Electric Minds, and moderated
chat events at HotWired. In 1997 he joined Whole Foods Market to help
coordinate the development of their Internet, intranet, and e-commerce
initiatives. He's written for publications such as Wired Magazine,
Mondo 2000, 21C, Whole Earth Review, Fringe Ware Review, and the Austin
Chronicle. His popular weblog is at http://www.weblogsky.com. Jon is
President of EFF-Austin, a member of the Austin Free-Net Board of
Directors and the steering committee for the Austin Clean Energy
Initiative, and member of the steering committee for the annual South
by Southwest Interactive conference. He is currently leading a research
project on the economic impact of wireless telecommunications
(http://www.wirelessfuture.org) for IC², an Austin think tank
associated with the University of Texas.
John, Jon: clue us in on this crazy Wi-Fi stuff, 'mkay?

Okay, basics first. WiFi (Wireless Fidelity) is the name that the marketing
folks use for wireless extensions to a local area network (LAN) that comply
with the 802.11b specification, or one of the later specs derived from
802.11b. In practical terms, it's a technology that allows a user to connect
a computer to a network by radio.
The original idea was to extend a LAN to places where it's difficult or
inconvenient to plug a portable computer into a network through a cable -- a
factory floor, for example, or a conference room. But over the last few
years, it has also become the de facto standard for public wireless acccess
to the Internet. Access points in airport terminals, conference centers,
college campuses and other public spaces have been showing up all over the
world, or so it seems.
This is not the way the telephone companies and Internset access providers
planned things. They were all looking at third-generation (3G) cellular
telphonenetworks to provide public wireless Internet service, and they're
all scrambling to board the WiFI bandwagon.
Why is it a big deal? It extends access to the Internet, at relatively high
speed, beyond the traditional office and home computers to public spaces
like coffee shops, park benches and ferry boats. Combined with palmtop
computers, fancy portable phones and other small devices, it implies a
future with instant access to the Internet almost everywhere.
So lots of people smell money to be made. Starbucks and McDonalds are
installing access points in their stores, and a Boeing subsidiary is
developing a system that will work on commercial aircraft. Meantime, nobody
has found the right business model to see more money coming in than going
out.
Meantime, the original objective of WiFi -- expending office and home LANs
to wireless devices -- is becoming easier and cheaper, and the security
issues are gradually being resolved.

3G has a much smaller bandwidth -- you can't push as many bits through a
link -- but it can have much broader coverage. WiFi is a lot faster, so it
can support streaming video and other large files, but the signal range from
each access point/base station is normally just a few hundred yards.
So you would need a lot more base stations for a city-wide WiFi network, but
that increases thecost of providing the service.
I have no opinion about the ultimate commercial future of this stuff. For
all I know, some other technology could come along and make both of those
services irrelevant.

I have no idea. From where I'm watching this stuff, the technology isn't as
important as the money, and the conflict between the commercial service
providers and the community networkers. Conflict or cooperation; it remains
to be seen how this will all play out.
I wrote The Book of WiFi for end users. From the end-user's point of view,
the infrastructure that distributes Internet access to the local access
point should be transparent.

Hi John
I run 802.11b mixed with ethernet at home. What's the story on
security these ddays - best practices? I know that the standard WEP
(Wireless Encryption Protocol) is dissed for its easy crackability, but
should home users still use it? What's coming down the pike to replace
it?

Adding to that question... aren't there at least two kinds of security to
consider - network security and data security? I'm thinking the former is
more about preventing intrusion via wireless access, whereas the latter is
concerned with data exposed as it's transmitted over open radio
frequencies?

Good point. There's also network security in the sense of not sharing
a connection unwittingly. My ISP has announced a plan where broadband
users may share a connection with neighbors using wireless, they handle
the billing and tech support would be available.
In my nabe, if someone wanted to illicitly piggyback on my broadband
connection they'd either have to be able to see my access point from a
nearby house or park on the street - not likely in our balmy desert
summer. I did discover one day that poor response from an upstairs
wifi computer was due to it having somehow gotten attached to a
neighbor's network and not mine.

In absolute terms, 802.11b WiFi networks are not secure. There are a bunch
of sniffer/cracker tools out there that can break WEP security within a
couple of hours (maybe less). But there are some ways of dealing with the
problem.
As (jonl) said, there are at least two separate issues: unauthorized users
connecting to your network and snoopers monitoring data as it moves across
the network. As far as I'm concerned, WEP encryption is probably enough to
discourage drive-by access (aka war driving), because such a huge number of
WiFi networks don't bother to use any encryption at all. It's like those
"Club" locks on your car. An experienced car thief can open one of those
things in just a few minutes, but they generally don't bother, because it's
easier to move down the block to steal a car without a club.
The other security feature that most people don't use is "access control"
that limits access to known network adapters. If a "foreign" device tries
to connect, the base station won't accept the link.
And for heaven's sake, change the name and password of the base station.
Don't use the factory defaults, which are well known to crackers.
For most users, especially in home networks, the combination of WEP
encryption and access control are probably adequate protection. Notperfect,
but enough to discourage most would-be access theives to try somebodyelse's
network.
As for the threat of somebody grabbing your data as it moves across the
wireless link, it can be done, but it requires more sophisitcated gear, so
it's not at all common. I'd worry about it if I was a target for industrial
espionage, but not on a home network. The best way to prevent it is probably
a virtual private network.

Well, what do you think about the idea of people leaving their home
Wi-Fi networks purposely open for others to share? Other than the
obvious issue of strangers stealing all my bandwidth, what are the
liability issues? Can I claim to be the equivalent of an ISP in that
case, broadly shielded against criminal and third-party claims of
illegal usages?

I'm not a lawyer, but i suppose it would depend on the terms of your
contract with your own ISP. If they permit you to "resell" your bandwidth,
then you're probably a common carrier or something like it. I've never heard
of anybody being prosecuted, but I suppose it's possible.
Considering that a laibility suit might go after everybody in sight, the
cost of a legal defence might be enough to discourage opening up your WiFi
connection on purpose, unless your liability insurance covers it.
I don't know how the public hotspots and community networks deal with the
issue. It probably hasn't come up as yet.

Is Bluetooth out of scope, since it's not WiFi?
WiFi was originally created as a LAN technology. Could we talk a bit about
the considerations that led to this? How does 802.11 extend the
capabilities of an internal network?

Bluetooth uses the same chunk of unlicensed radio spectrum as WiFi, but it's
a different form of radio modulation. Which is to say, they can interfere
with each other under certain conditions. It's a completely different type
of wireless service--designed to connect peripheral devices at very short
range, whereas WiFi is an extension of ethernet that connects computers.
So you might use Bluetooth for a wireless keyboard or scanner, but it's the
wrong choice to do file transfers from a laptop to a desktop computer.
There's about half a paragraph about Bluetooth in my book. I haven't spent
any time working with it, so I'm the wrong person to ask about it.
(jonl), I don't understand your question in #18. When WiFi/802.11 works
properly, it's a wireless extension of a LAN that looks just like a LAN with
ethernet cables.

<15>
Don't want to sidetrack the discussion too much with this, but it's
definitely an interesting point, esp. vis-a-vis community networks,
which are reported to be springing up all over the place.
I'd be fairly sure that one's ISP agreement, while of some import,
probably cannot determine the rights of third parties, under the basic
legal premise that a private agreement between two parties can't work
to cut off the rights of a third party. (The agreement could, of
course, determine who is responsible for the liability to the third
party.) And similarly, the requirements for a shield against criminal
liability is probably based on factual points rather than on the terms
of a private contract.
This is definitely worth some additional research...

inkwell.vue.191
:
John Ross, The Book of Wi-Fipermalink #21
of 91:
Where's the Flying Car(airman)Sun 10 Aug 03 04:39

Bluetooth has a short range distance of 10 m radius, the distance across
two rooms in a house if that.
Wifi has a range of 100 meters plus, 330 feet plus. THink of a football
field or the third house down the street. It's not far, but it does help
in the Last Mile problem.
Bluetooth is seen as an appliance tool even if it has a limit on number
of appliances, seven as I recall. So it might be used in the kitchen.
And it could be used to reduce the wiring mess behind the computer
except for video. In the end it is another alternative, not an end all
solution.
Johnross, can Wifi replace the telephone?

I suppose it could, if Voice Over IP (VoIP) replaces the public switched
telephone network. [Jargon-free explanation: it's possible to move telephone
calls through data networks such as the Internet, which use a very dofferent
kind of switching from the traditional telephone network) But it doesn't
seem likely, assuming we're talking about voice services. The existing
cellular services seem like a better bet for wireless voice communication.

I should say that I have a certain amount of sympathy for the ISPs who don't
want their residential DSL or cable modem subscribers to create open public
WiFi hotspots or community networks. The ISPs base their pricing and the
size of their upstream connections to the Internet backbone on estimates of
average volume per account. If and when the demand for bandwidth increases
significantly, the ISPs will have to allocate resources to support that
demand, so they're justified in charging a high-volume user more than they
charge an average-volume user, or in actively discouraging their customers
from redistributing bandwidth.
This is probably one of those cases where the form of use is ahead of the
business model, so there might not be anything in the tariffs or the terms
of service that specifically forbids redistribution. But it's an additional
burden on the system when the link to the backbone has to handle a lot more
bits than the original projections expected.
Eventually, I suppose the backbone links will catch up, and the connections
will become "to cheap to meter", just as long distance telephone is moving
in that direction. But in the meantime, it's rough on the ISPs who can't use
their established formulas to anticipate future demand.

I've used WiFi ever since it was still called 802.11b, with my
original blueberry iBook and my Airport base station. This sort of
technology is what I find fascinating -- augmented reality, and
information "on demand" (apologies to IBM's marketing team).
*points to his profile* At college, we use WiFi exclusively in the
engineering corners of campus, as well as a few of the larger "hang
outs" such as the student union, and the Engineer's Courtyard. Almost
anywhere I am in a given day, I'm able to turn on my tablet, and tap
away happily on the internet.
On campus, we're giving away this free-for-all bandwidth. There's no
authentication, no ID checking -- the servers hand out addresses to
anyone / everyone. The university eats the cost of any of this outsider
use, but, at the same time, provides an invaluable tool to its
students and researchers. In fact, it's a selling point for the
university -- tour groups come through every so often, and the guides
make sure to point out the random laptops scattered about the booths
and tables as they walk through the dining areas.
What do you think about this inherent openness of Wireless networks?
Is it worth the security risks to provide such a service? Is it worth
the cost?